Vulnerabilities > CVE-2003-1109 - Unspecified vulnerability in Cisco products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

nessus

NVD

Published: 2003-12-31

Updated: 2018-10-30

Summary

The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 12.2\(1\)Xa Cisco IOS 12.2\(1\)Xd Cisco IOS 12.2\(1\)Xd1 Cisco IOS 12.2\(1\)Xd3 Cisco IOS 12.2\(1\)Xd4 Cisco IOS 12.2\(1\)Xe Cisco IOS 12.2\(1\)Xe2 Cisco IOS 12.2\(1\)Xe3 Cisco IOS 12.2\(1\)Xh Cisco IOS 12.2\(1\)Xq Cisco IOS 12.2\(1\)Xs Cisco IOS 12.2\(1\)Xs1 Cisco IOS 12.2\(2\)T4 Cisco IOS 12.2\(2\)Xa Cisco IOS 12.2\(2\)Xa1 Cisco IOS 12.2\(2\)Xa5 Cisco IOS 12.2\(2\)Xb Cisco IOS 12.2\(2\)Xb3 Cisco IOS 12.2\(2\)Xb4 Cisco IOS 12.2\(2\)Xf Cisco IOS 12.2\(2\)Xg Cisco IOS 12.2\(2\)Xh Cisco IOS 12.2\(2\)Xh2 Cisco IOS 12.2\(2\)Xh3 Cisco IOS 12.2\(2\)Xi Cisco IOS 12.2\(2\)Xi1 Cisco IOS 12.2\(2\)Xi2 Cisco IOS 12.2\(2\)Xj Cisco IOS 12.2\(2\)Xj1 Cisco IOS 12.2\(2\)Xk Cisco IOS 12.2\(2\)Xk2 Cisco IOS 12.2\(2\)Xn Cisco IOS 12.2\(2\)Xt Cisco IOS 12.2\(2\)Xt3 Cisco IOS 12.2\(2\)Xu Cisco IOS 12.2\(2\)Xu2 Cisco IOS 12.2\(11\)T Cisco IOS 12.2T Cisco IOS 12.2Xa Cisco IOS 12.2Xb Cisco IOS 12.2Xc Cisco IOS 12.2Xd Cisco IOS 12.2Xe Cisco IOS 12.2Xf Cisco IOS 12.2Xg Cisco IOS 12.2Xh Cisco IOS 12.2Xi Cisco IOS 12.2Xj Cisco IOS 12.2Xk Cisco IOS 12.2Xl Cisco IOS 12.2Xm Cisco IOS 12.2Xn Cisco IOS 12.2Xq Cisco IOS 12.2Xr Cisco IOS 12.2Xs Cisco IOS 12.2Xt Cisco IOS 12.2Xw Cisco PIX Firewall Software 5.2\(1\) Cisco PIX Firewall Software 5.2\(2\) Cisco PIX Firewall Software 5.2\(3.210\) Cisco PIX Firewall Software 5.2\(5\) Cisco PIX Firewall Software 5.2\(6\) Cisco PIX Firewall Software 5.2\(7\) Cisco PIX Firewall Software 5.3 Cisco PIX Firewall Software 5.3\(1\) Cisco PIX Firewall Software 5.3\(1.200\) Cisco PIX Firewall Software 5.3\(2\) Cisco PIX Firewall Software 5.3\(3\) Cisco PIX Firewall Software 6.0 Cisco PIX Firewall Software 6.0\(1\) Cisco PIX Firewall Software 6.0\(2\) Cisco PIX Firewall Software 6.1\(2\) Cisco PIX Firewall Software 6.2\(1\)	73
Hardware	Cisco Cisco IP Phone 7940 * Cisco IP Phone 7960 *	2

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20030221-PROTOSHTTP.NASL
description	Multiple Cisco products contain vulnerabilities in the processing of Session Initiation Protocol (SIP) INVITE messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG)
last seen	2019-10-28
modified	2010-09-01
plugin id	48969
published	2010-09-01
reporter	This script is (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48969
title	Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite - Cisco Systems

NASL family	CISCO
NASL id	CSCDZ39284.NASL
description	It is possible to make the remote IOS crash when sending it malformed SIP packets. These vulnerabilities are documented as CISCO bug id CSCdz39284 and CSCdz41124.
last seen	2020-06-01
modified	2020-06-02
plugin id	11380
published	2003-03-14
reporter	This script is (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11380
title	Cisco SIP Crafted INVITE Message Handling DoS (CSCdz39284, CSCdz41124)

Summary

Vulnerable Configurations

Nessus

References